Linux kernel Disable Auto-Loading of Kernel Modules
Yesterday, I saw this email and I was like WTF?!
The patch simply comments out the MODULE_ALIAS_NETPROTO() macros of the RDS and ECONET protocols, but seriously… is this a security patch?
What? Are Linux developers too cool for a simple patch such as grsecurity’s MODHARDEN?
If someone was going to own a system using a local root exploit in some exotic protocol family, he has probably already done so before his bug was killed. So the aim of this patch is to avoid further vulnerabilities in those two modules by disabling them completely. Then what is the purpose of compiling them and keeping them in the Linux kernel?
I don’t like spender (and he doesn’t like me either) but that has nothing to do with his MODHARDEN patch which is a very sane approach for a mitigation strategy against such vulnerabilities.

While preventing auto-loading would be ideal from a security perspective, there are numerous problems with disabling it entirely – it breaks many distros by default. Blacklisting (or better yet, whitelisting) modules is a good step in limiting the attack surface. The modules are compiled so an administrator can still explicitly load them if he wants to actually use them, which is the right approach.
Dan Rosenberg
December 1, 2010 at 08:50
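As an added illustration of the point made in the post and in the comment above (this is not code from the post, from grsecurity or from the kernel patch being discussed): the protocol modules can be kept compiled but barred from the kernel's auto-load path with a modprobe.d `install` override, which is what "blacklisting" amounts to in practice. The script writes such a fragment for the two modules named in the post and checks a directory for it. The directory and file name are constructed for the demo; on a real system the fragment would live under /etc/modprobe.d/.

```bash
#!/bin/sh
# Added example, not part of the original post. Demonstrates blocking
# auto-loading of specific kernel modules via modprobe.d while leaving
# the modules on disk for explicit administrative use.

# Write a modprobe.d fragment that makes any auto-load request for the
# given modules fail. "install <mod> /bin/false" replaces the normal
# load step with a command that exits non-zero, so the kernel's
# request_module() path (triggered e.g. by MODULE_ALIAS_NETPROTO when a
# socket of that family is opened) cannot pull the module in. An
# administrator can still load it deliberately with insmod(8), which
# does not consult modprobe.d at all.
write_modprobe_blacklist() {
    conf="$1"; shift
    : > "$conf"
    for mod in "$@"; do
        printf 'install %s /bin/false\n' "$mod" >> "$conf"
    done
}

# Return 0 if some *.conf in directory $1 overrides the load of module $2
# with /bin/false or /bin/true (both are common "never auto-load" idioms),
# non-zero otherwise. This is a configuration check only; see the note
# below for checking what the running modprobe would actually do.
is_autoload_blocked() {
    dir="$1"; mod="$2"
    grep -qsE "^[[:space:]]*install[[:space:]]+${mod}[[:space:]]+/bin/(false|true)([[:space:]]|$)" \
        "$dir"/*.conf
}

# Demo on a constructed temporary directory so it runs offline and
# without root; nothing here touches /etc/modprobe.d.
demo_dir="$(mktemp -d)"
write_modprobe_blacklist "$demo_dir/netproto-blacklist.conf" rds econet

for m in rds econet ipv6; do
    if is_autoload_blocked "$demo_dir" "$m"; then
        echo "$m: auto-load blocked"
    else
        echo "$m: auto-load allowed"
    fi
done
```

After installing such a fragment for real, `modprobe -n -v rds` (dry run) shows the `install /bin/false` line instead of an `insmod` line, which confirms the override is what modprobe will execute. Note that a plain `blacklist rds` line only stops alias-based loading and still allows `modprobe rds` by name, which is why the `install` form is the one used here.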
How about a default of enabled auto-loading managed through procfs?
I personally find black/white-listing useless.
xorl
December 1, 2010 at 09:15